Abstract


This document is one in the series of documents that define various 
MIB objects for IPv6. Specifically, this document is the MIB module 
which defines managed objects for implementations of the User 
Datagram Protocol (UDP) over IP Version 6 (IPv6). 


This document also recommends a specific policy with respect to the
applicability of RFC 2013 for implementations of IPv6. Namely, most
of the managed objects defined in RFC 2013 are independent of which
IP version underlies UDP, and only the UDP listener information is IP
version-specific.


This memo defines an experimental portion of the Management 
Information Base (MIB) for use with network management protocols in 
IPv6-based internets. 


1. Introduction 


A management system contains: several (potentially many) nodes, each 
with a processing entity, termed an agent, which has access to 
management instrumentation; at least one management station; and, a 
management protocol, used to convey management information between 
the agents and management stations. Operations of the protocol are 
carried out under an administrative framework which defines 
authentication, authorization, access control, and privacy policies.


Management stations execute management applications which monitor and
control managed elements. Managed elements are devices such as 
hosts, routers, terminal servers, etc., which are monitored and 
controlled via access to their management information. 


Management information is viewed as a collection of managed objects, 
residing in a virtual information store, termed the Management 
Information Base (MIB). Collections of related objects are defined 
in MIB modules. These modules are written using a subset of OSI’s 
Abstract Syntax Notation One (ASN.1) [1], termed the Structure of 
Management Information (SMI) [2]. 


2. Overview 


This document is one in the series of documents that define various
MIB objects, and statements of conformance, for IPv6. This document
defines the required instrumentation for implementations of UDP over
IPv6.

3. Transparency of IP versions to UDP 


The fact that UDP is carried over IPv6, as opposed to IPv4, is largely
invisible to a UDP implementation. A "UDPng" did not need to be
defined; implementations simply need to support IPv6 addresses.


As such, the managed objects already defined in [UDP MIB] are 
sufficient for managing UDP in the presence of IPv6. These objects 
are equally applicable whether the managed node supports IPv4 only, 
IPv6 only, or both IPv4 and IPv6. 


For example, udpInDatagrams counts "The total number of UDP datagrams 
delivered to UDP users", regardless of which version of IP is used to 
deliver any of those datagrams. 


Stated differently, UDP implementations don’t need separate counters 
for IPv4 and for IPv6. 


4. Representing UDP Listeners 


The exception to the statements in section 3 is the udpTable. Since
IPv6 addresses cannot be represented with the IpAddress syntax, not
all UDP endpoints can be represented in the udpTable defined in [UDP
MIB].


This memo defines a new, separate table to represent only those UDP 
endpoints that utilize an IPv6 address. UDP endpoints on IPv4 
addresses continue to be represented in udpTable [UDP MIB].


A different approach would have been to define a new table to
represent all UDP endpoints regardless of IP version. This would 
require changes to [UDP MIB] and hence to existing (IPv4-only) UDP 
implementations. The approach suggested in this memo has the 
advantage of leaving IPv4-only implementations intact. 


It is assumed that the objects defined in this memo will eventually
be defined in an update to [UDP MIB]. For this reason, the module
identity is assigned under the experimental portion of the MIB.


5.  Conformance 


This memo contains conformance statements to define conformance to 
this MIB for UDP over IPv6 implementations. 


6. Definitions 


IPV6-UDP-MIB DEFINITIONS ::= BEGIN

IMPORTS
    MODULE-COMPLIANCE, OBJECT-GROUP         FROM SNMPv2-CONF
    MODULE-IDENTITY, OBJECT-TYPE,
    mib-2, experimental                     FROM SNMPv2-SMI
    Ipv6Address, Ipv6IfIndexOrZero          FROM IPV6-TC;


ipv6UdpMIB MODULE-IDENTITY
    LAST-UPDATED "9801290000Z"
    ORGANIZATION "IETF IPv6 MIB Working Group"
    CONTACT-INFO
        "       Mike Daniele

        Postal: Compaq Computer Corporation
                110 Spitbrook Rd
                Nashua, NH 03062.
                US

        Phone:  +1 603 884 1423
        Email:  daniele@zk3.dec.com"
    DESCRIPTION
        "The MIB module for entities implementing UDP over IPv6."
    ::= { experimental 87 }


-- objects specific to UDP for IPv6 


udp OBJECT IDENTIFIER ::= { mib-2 7 } 


-- the UDP over IPv6 Listener table

-- This table contains information about this entity's
-- UDP/IPv6 endpoints. Only endpoints utilizing IPv6 addresses
-- are contained in this table. This entity's UDP/IPv4 endpoints
-- are contained in udpTable.


ipv6UdpTable OBJECT-TYPE
    SYNTAX      SEQUENCE OF Ipv6UdpEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "A table containing UDP listener information for
         UDP/IPv6 endpoints."
    ::= { udp 6 }


ipv6UdpEntry OBJECT-TYPE
    SYNTAX      Ipv6UdpEntry
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "Information about a particular current UDP listener.

         Note that conceptual rows in this table require an
         additional index object compared to udpTable, since
         IPv6 addresses are not guaranteed to be unique on the
         managed node."
    INDEX { ipv6UdpLocalAddress,
            ipv6UdpLocalPort,
            ipv6UdpIfIndex }
    ::= { ipv6UdpTable 1 }


Ipv6UdpEntry ::= SEQUENCE {
    ipv6UdpLocalAddress     Ipv6Address,
    ipv6UdpLocalPort        INTEGER (0..65535),
    ipv6UdpIfIndex          Ipv6IfIndexOrZero }


ipv6UdpLocalAddress OBJECT-TYPE
    SYNTAX      Ipv6Address
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The local IPv6 address for this UDP listener.
         In the case of a UDP listener which is willing
         to accept datagrams for any IPv6 address
         associated with the managed node, the value ::0
         is used."
    ::= { ipv6UdpEntry 1 }


ipv6UdpLocalPort OBJECT-TYPE
    SYNTAX      INTEGER (0..65535)
    MAX-ACCESS  not-accessible
    STATUS      current
    DESCRIPTION
        "The local port number for this UDP listener."
    ::= { ipv6UdpEntry 2 }


ipv6UdpIfIndex OBJECT-TYPE
    SYNTAX      Ipv6IfIndexOrZero
    MAX-ACCESS  read-only
    STATUS      current
    DESCRIPTION
        "An index object used to disambiguate conceptual rows in
         the table, since the ipv6UdpLocalAddress/ipv6UdpLocalPort
         pair may not be unique.

         This object identifies the local interface that is
         associated with ipv6UdpLocalAddress for this UDP listener.
         If such a local interface cannot be determined, this object
         should take on the value 0. (A possible example of this
         would be if the value of ipv6UdpLocalAddress is ::0.)

         The interface identified by a particular non-0 value of
         this index is the same interface as identified by the same
         value of ipv6IfIndex.

         The value of this object must remain constant during
         the life of this UDP endpoint."
    ::= { ipv6UdpEntry 3 }


-- conformance information 


ipv6UdpConformance OBJECT IDENTIFIER ::= { ipv6UdpMIB 2 }

ipv6UdpCompliances OBJECT IDENTIFIER ::= { ipv6UdpConformance 1 }
ipv6UdpGroups      OBJECT IDENTIFIER ::= { ipv6UdpConformance 2 }


-- compliance statements 


ipv6UdpCompliance MODULE-COMPLIANCE
    STATUS  current
    DESCRIPTION
        "The compliance statement for SNMPv2 entities which
         implement UDP over IPv6."
    MODULE  -- this module
        MANDATORY-GROUPS { ipv6UdpGroup }
    ::= { ipv6UdpCompliances 1 }


ipv6UdpGroup OBJECT-GROUP
    OBJECTS { -- these are defined in this module
              -- ipv6UdpLocalAddress (not-accessible)
              -- ipv6UdpLocalPort (not-accessible)
              ipv6UdpIfIndex }
    STATUS  current
    DESCRIPTION
        "The group of objects providing management of
         UDP over IPv6."
    ::= { ipv6UdpGroups 1 }


END 
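

Added example, not part of the original memo: Python code that decodes
ipv6UdpIfIndex instance identifiers, as returned by an SNMP walk, back
into (address, port, interface) rows following the INDEX clause of
ipv6UdpEntry, and reports the ports bound to ::0. It assumes Ipv6Address
is the fixed 16-octet string from IPV6-TC, so no length sub-identifier
precedes the address; the function names and sample rows are constructed
for illustration.

```python
import ipaddress

# ipv6UdpIfIndex column: udp (1.3.6.1.2.1.7) . ipv6UdpTable 6 . ipv6UdpEntry 1 . 3
IPV6_UDP_IFINDEX = (1, 3, 6, 1, 2, 1, 7, 6, 1, 3)


def decode_listener(oid, value):
    """Decode one ipv6UdpIfIndex instance into (address, port, ifindex).

    Assumption: the instance suffix is 16 sub-identifiers for
    ipv6UdpLocalAddress (fixed-size OCTET STRING, no length prefix),
    then ipv6UdpLocalPort, then ipv6UdpIfIndex.
    """
    subids = tuple(int(s) for s in oid.strip(".").split("."))
    prefix_len = len(IPV6_UDP_IFINDEX)
    if subids[:prefix_len] != IPV6_UDP_IFINDEX:
        raise ValueError("not an ipv6UdpIfIndex instance: " + oid)
    index = subids[prefix_len:]
    if len(index) != 18:
        raise ValueError("expected 18 index sub-identifiers, got %d" % len(index))
    addr_octets, port, ifindex = index[:16], index[16], index[17]
    if any(o > 255 for o in addr_octets):
        raise ValueError("address sub-identifier out of octet range")
    if port > 65535:
        raise ValueError("port out of range 0..65535")
    if ifindex != value:
        # The object is its own index, so both must agree.
        raise ValueError("column value disagrees with ifIndex in the instance")
    return ipaddress.IPv6Address(bytes(addr_octets)), port, ifindex


def wildcard_listeners(rows):
    """Return the sorted ports of listeners bound to ::0 (any local address)."""
    listeners = [decode_listener(oid, value) for oid, value in rows]
    return sorted(port for addr, port, _ in listeners if addr.is_unspecified)


# Constructed sample rows (OID, INTEGER value), not captured from a real agent.
_BASE = "1.3.6.1.2.1.7.6.1.3."
SAMPLE_ROWS = [
    (_BASE + ".".join(["0"] * 16) + ".161.0", 0),                         # ::0, port 161
    (_BASE + ".".join(["254", "128"] + ["0"] * 13 + ["1"]) + ".546.2", 2),  # fe80::1
]

if __name__ == "__main__":
    for oid, value in SAMPLE_ROWS:
        print(decode_listener(oid, value))
    print("wildcard ports:", wildcard_listeners(SAMPLE_ROWS))
```
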

9. Security Considerations


There are no management objects defined in this MIB that have a MAX- 
ACCESS clause of read-write and/or read-create. So, if this MIB is 
implemented correctly, then there is no risk that an intruder can 
alter or create any management objects of this MIB via direct SNMP 
SET operations. 


There are a number of managed objects in this MIB that may be 
considered to contain sensitive information in some environments. 
For example, the MIB identifies UDP ports on which processes are 
listening. Although this information might be considered sensitive 
in some environments (i.e., to identify ports on which to launch 
denial-of-service or other attacks), there are already other ways of 
obtaining similar information. For example, sending a random UDP 
packet to an unused port prompts the generation of an ICMP port 
unreachable message. 


Therefore, it may be important in some environments to control read
access to these objects and possibly to even encrypt the values of
these objects when sending them over the network via SNMP. Not all
versions of SNMP provide features for such a secure environment.
SNMPv1 by itself does not provide encryption or strong
authentication.


It is recommended that the implementors consider the security 
features as provided by the SNMPv3 framework. Specifically, the use 
of the User-based Security Model [RFC2274] and the View-based Access 
Control Model [RFC2275] is recommended. 


It is then a customer/user responsibility to ensure that the SNMP 
entity giving access to an instance of this MIB, is properly 
configured to give access to those objects only to those principals 
(users) that have legitimate rights to access them. 

11. Full Copyright Statement


Copyright (C) The Internet Society (1998). All Rights Reserved.


This document and translations of it may be copied and furnished to 
others, and derivative works that comment on or otherwise explain it 
or assist in its implementation may be prepared, copied, published 
and distributed, in whole or in part, without restriction of any 
kind, provided that the above copyright notice and this paragraph are 
included on all such copies and derivative works. However, this 
document itself may not be modified in any way, such as by removing 
the copyright notice or references to the Internet Society or other 
Internet organizations, except as needed for the purpose of 
developing Internet standards in which case the procedures for 
copyrights defined in the Internet Standards process must be 
followed, or as required to translate it into languages other than 
English. 


The limited permissions granted above are perpetual and will not be 
revoked by the Internet Society or its successors or assigns. 


This document and the information contained herein is provided on an 
"AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING 
TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING 
BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION 
HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF 
MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. 